» er_win_pro.exe
Overview
Analysis
File Details
Downloads (34)

er_win_pro.exe

Ontrack EasyRecovery Professional

Kroll Ontrack Inc.

This is a setup and installation application. The file has been seen being downloaded from lb.cdn.m6web.fr and multiple other hosts.

File name:

er_win_pro.exe

Publisher:

Kroll Ontrack Inc. (signed by Kroll Ontrack Inc.)

Product:

Ontrack EasyRecovery Professional

Description:

Ontrack EasyRecovery Professional Setup

Version:

11.0.2.0

MD5:

157168caa971706e3febfe26227c8bf4

SHA-1:

554b7f2bedafb14948ea2c0c4c3c451dbda57773

SHA-256:

5ba0fc2fcb14315866ed445e4af8f65c27e775108ccd48dbe34e52806887040a

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 2:42:40 AM UTC (today)

File size:

18 MB (18,889,008 bytes)

Product version:

11.0.2.0

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Digital Signature

Signed by:

Kroll Ontrack Inc.

Authority:

VeriSign, Inc.

Valid from:

2/16/2012 5:00:00 PM

Valid to:

2/18/2014 4:59:59 PM

Subject:

CN=Kroll Ontrack Inc., OU=Kroll Ontrack Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Kroll Ontrack Inc., L=Eden Prairie, S=Minnesota, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4DB5067327046086673CEC5F2D8B2AB5

File PE Metadata

Compilation timestamp:

1/30/2013 7:21:56 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

393216:lzGNNlLpVsQllPNKp1nHbLsXtwAUT/zQ8uSHRLzY7WPYw:lSNNpp6cllK7HbLuE/zuSHJWWgw

Entry address:

0x113BC

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86... 
[+]

Entropy:

7.9969

Developed / compiled with:

Microsoft Visual C++

Code size:

63.5 KB (65,024 bytes)

The file er_win_pro.exe has been seen being distributed by the following 34 URLs.

http://lb.cdn.m6web.fr/d/c/a/863a9ca0efbe4e9f9dc1165a3c5b5fc4/588909e5/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/2b8104be3fd2290fb462f63ff5a28b79/55e78772/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/51987c4a0278e40f969ddab5bf24edaf/583c122f/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/82678fe0c7b576a154b0a1103d21cff1/5817d46a/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/ac9ef621805db13093647849548567f2/5801381b/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/221b922bdb4b6a94e66b453a73bf89a5/5803a5a9/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/5d11bb9addca0b6f532223b598240d89/5835afb3/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/abea01372d86afd5205a290fae907ae9/57e93370/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/23db0bb9d760ce9b2fadac671615f282/57f4f382/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/06762ce860e392bd5da9f37ad7f66d12/578d6d83/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/52c761dc50197d12db895bca46ed5df1/53f9ab48/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/f850547ae5bd4823198f5b4e10b59c1b/5785f4c2/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/b5e9a2a5fa9b64a17b36f42ca826e6ab/569f988f/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/13738a359543d62ed72b2af8eb7ba97f/57ca9ad1/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/1aba963be68d713ed11befe5639204fd/57cb4cb2/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/fcb291148bd69b6ab2a849352cd3577a/54246dde/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/bbbf0114df6fd734c416afafed7a7827/56b7dfe6/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/86daf6dc180d066945593039aa957cfc/5702e95b/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/75748b6a0b11439128dd69747285b833/576b2f2b/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/23f008e84d1d4f5c07c9f947c6caca8a/57330976/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

https://mega.nz/temporary/.../mIZlFbrB

http://lb.cdn.m6web.fr/d/c/a/8aa819dd68f712a4399cde218e5be031/5763cc5a/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/68960047ab7ee2435883e42aa8287223/5756fc35/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://d110.cdn.m6web.fr/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/4aff0e69ff7f6d0ad183e1f2f73a5b7a/571f68e5/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/48d2751c6a3516aa0438b86b89ff4653/55d9fd91/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/3672da7dd870d0a5c731f284d59f6181/5701477b/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/f4fd8fdc34ade627fe2b4ffdc9a4ba53/56f23be6/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/b8063c214b0f0b661539b6b1c3ce7120/54b99c98/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

http://lb.cdn.m6web.fr/d/c/a/e7aad523219c29fd1535323246c1d59b/569ebb86/soft/.../easyrecovery-professional_11-0-2_fr_122744.exe

Latest 30 of 34 download URLs

Scan er_win_pro.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.